YoVDO

Oracle Data Redaction is Broken

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Cybersecurity Courses Data Protection Courses Data Encryption Courses PCI Compliance Courses

Course Description

Overview

Explore the vulnerabilities in Oracle's data redaction service, introduced in Oracle 12c, through this Black Hat conference talk. Learn how the service, designed to protect sensitive data like PII, can be bypassed by attackers, potentially leading to privilege escalation. Delve into the history of Oracle security issues, examine the implementation flaws, and discover multiple attack vectors that compromise the redaction feature. Understand the implications for PCI compliance and data encryption. Compare Oracle's approach to Microsoft's, and gain insights into Oracle's internal processes and documentation practices. Discover practical strategies to protect against these vulnerabilities and critically evaluate the effectiveness of Oracle's data redaction service in real-world scenarios.

Syllabus

Introduction
Who am I
History
Launching External Procedures
Oracles Fix
Backend Bypass
Patches
Oracle vs Microsoft
Oracle Data Redaction
Why Redaction
How it works
XML query vulnerability
Updating a column
Brute force
Common Criteria
Protection Profile
Data is not changed
Is it useful
PCI compliance
Data encryption
How do I protect against this
Oracles internal processes
Its not rocket science
No documentation
Oracle Fusion Media Pack


Taught by

Black Hat

Related Courses

Cryptography II
Stanford University via Coursera
Microsoft Enterprise Mobility Suite
Microsoft via edX
Social Media - What No One has Told You about Privacy
openHPI
Windows 10 Features for a Mobile Workforce: Identity Management and Data Access
Microsoft via edX
Health Professional Teaching Skills – Level 3 - Professionalism
University of Toronto via edX